lha crash, but which mail caused it?

Mark Martinec Mark.Martinec+amavis at ijs.si
Mon Feb 27 16:11:08 CET 2012


Ralf,

> Today I found:
> Feb 25 13:39:41 mail kernel: [949050.319465] lha[2480]: segfault at
> bfec787d ip 0804d62a sp bfec316c error 4 in lha[8048000+d000]
> 
> Since amavis is the only program to use lha I'd like to know which
> mail caused this. But how do I find the mail that caused this?

If you had logging level at 5, the PID of each launched process would
be logged by do_log(5,"run_command: [%s] %s", $pid,$msg);

> # fgrep amavis /var/log/mail.log |egrep " 13:3[89]:" | grep -i Content-Type

This gives you only MIME-level types (top-level mostly).
To also see nested part types a search for 'p.path ' would be
more revealing (logged at log level 3 for all, and at 1 for banned).

The lha decoder is launched for parts that look like they are in lha
format, but also by do_executable(), which tries several decoders on an
executable in an attempt to guess self-extracting archives.

So in your case, considering the timestamp and the fact that most other
mail messages close in time to the event were text-only, the most likely
culprit is:

  Feb 25 13:39:37 mail amavis[30937]: (30937-17) p002 1/2 Content-Type:
    application/zip, size: 3897513 B, name: humanresearch.zip


Mark
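
The correlation described in this reply, as an added example that is not part of the original post or of amavis: it matches the crashed PID against a level-5 run_command line when one exists, and otherwise lists the non-text parts logged shortly before the segfault. The function name, the 60-second window and the assumption that run_command lines carry the same "(child-seq)" prefix as the Content-Type lines are mine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the kernel line and the application/zip line come from the
# post (each re-joined onto one line); all other lines are made up.
SAMPLE_LOG = """\
Feb 25 13:38:51 mail amavis[30412]: (30412-03) p001 1 Content-Type: text/plain, size: 1042 B, name:
Feb 25 13:39:37 mail amavis[30937]: (30937-17) p002 1/2 Content-Type: application/zip, size: 3897513 B, name: humanresearch.zip
Feb 25 13:39:41 mail amavis[30937]: (30937-17) run_command: [2480] constructed-message-text
Feb 25 13:39:41 mail kernel: [949050.319465] lha[2480]: segfault at bfec787d ip 0804d62a sp bfec316c error 4 in lha[8048000+d000]
Feb 25 13:40:15 mail amavis[30412]: (30412-04) p001 1 Content-Type: text/plain, size: 377 B, name:
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (\S+?)(?:\[\d+\])?: (.*)$")
CRASH = re.compile(r"(\w+)\[(\d+)\]: segfault at ")
AM_ID = re.compile(r"^\((\d+-\d+)\) ")   # assumed "(child-seq)" prefix

def find_culprits(log, year=2012, window=60):
    """For each kernel segfault, return the amavis session and parts that precede it."""
    recs = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:  # syslog timestamps carry no year, so the caller supplies one
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            recs.append((when, m.group(2), m.group(3)))
    results = []
    for when, prog, msg in recs:
        crash = CRASH.search(msg) if prog == "kernel" else None
        if not crash:
            continue
        pid, session, parts = crash.group(2), None, []
        for t, p, text in recs:
            sid = AM_ID.match(text)
            in_window = timedelta(0) <= when - t <= timedelta(seconds=window)
            if p != "amavis" or not sid or not in_window:
                continue
            if f"run_command: [{pid}]" in text:
                session = sid.group(1)        # exact match, needs log level 5
            elif "p.path " in text or ("Content-Type:" in text
                                       and "Content-Type: text/" not in text):
                parts.append((sid.group(1), text))
        if session:                           # narrow candidates to that session
            parts = [x for x in parts if x[0] == session]
        results.append({"crashed": crash.group(1), "pid": pid,
                        "session": session, "parts": parts})
    return results

if __name__ == "__main__":
    for hit in find_culprits(SAMPLE_LOG):
        print(hit["crashed"], hit["pid"], hit["session"], hit["parts"])
```

Without level-5 logging the session stays None and every non-text part inside the window is returned as a candidate, which is the time-based reasoning used above.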

